Description

We should ensure that about:tor runs with only content privileges.

Changing the getURIFlags() function in src/components/aboutTor.js to include Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT in the value returned should do the trick, but other things will need to be fixed as a result of that change.

This change fixes #21948 and #22525 as well, so it would be great to include it in a Tor Browser release soon. While the patch is somewhat large, that is mainly because we had to move a lot of code out of torbutton.js into the new aboutTor-content.js content script (so it can run in the content process where the about:tor DOM is accessible).

This change fixes #21948 and #22525 as well, so it would be great to include it in a Tor Browser release soon. While the patch is somewhat large, that is mainly because we had to move a lot of code out of torbutton.js into the new aboutTor-content.js content script (so it can run in the content process where the about:tor DOM is accessible).

Looks good to me, thanks! Just some nits:

+ // process that is only available here (in the chrome process). It is sent
+ // sent to the content process when an about:tor window is opened and in